Enes Özeser

10 exploits Active since Aug 2020
CVE-2020-23934 WRITEUP HIGH WORKING POC
RiteCMS 2.2.1 - Authenticated OS Command Execution via Filemanager PHP Upload
An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a PHP web shell in the "Filemanager" section.
CVSS 8.8
CVE-2020-23935 WRITEUP CRITICAL WRITEUP
Kabir Alhasan Student Management System 1.0 - Auth Bypass
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".
CVSS 9.8
CVE-2020-23936 WRITEUP CRITICAL WRITEUP
PHPGurukul Vehicle Parking Management System 1.0 - Auth Bypass
PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".
CVSS 9.8
CVE-2021-27722 EXPLOITDB HIGH python WORKING POC
Nsasoft US LLC SpotAuditor <5.3.5 - Buffer Overflow
An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes of character data into the "Key" or "Name" field while registering.
CVSS 7.5
CVE-2020-35249 EXPLOITDB MEDIUM text WORKING POC
ElkarBackup 1.3.3 - Stored Cross-Site Scripting via Client Name Parameter
A Cross-Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3 allows attackers to execute arbitrary code via the name parameter to the add client feature.
CVSS 6.1
CVE-2020-27406 EXPLOITDB MEDIUM text WORKING POC
DynPG 4.9.1 - Authenticated Cross-Site Scripting via Groupname
A Cross-Site Scripting (XSS) vulnerability in DynPG 4.9.1 allows authenticated attackers to execute arbitrary code via the groupname.
CVSS 5.4
CVE-2020-23935 EXPLOITDB CRITICAL text WORKING POC
Kabir Alhasan Student Management System 1.0 - Auth Bypass
Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".
CVSS 9.8
CVE-2020-23934 EXPLOITDB HIGH text WORKING POC
RiteCMS 2.2.1 - Authenticated OS Command Execution via Filemanager PHP Upload
An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a PHP web shell in the "Filemanager" section.
CVSS 8.8
EIP-2026-106242 EXPLOITDB text WORKING POC
Croogo 3.0.2 - 'Multiple' Stored Cross-Site Scripting (XSS)
EIP-2026-106243 EXPLOITDB text WORKING POC
Croogo 3.0.2 - Unrestricted File Upload